Java-Success Blog

Nov 30, 2011

Are you feeling stagnated?

One of the dilemmas many professionals face is when to jump the ship? versus when to steady the ship? There is no right or wrong answer to this question, and the answer depends on the individual circumstances. But here are some of my thoughts that might aid in your decision making. With the start of a new year, you may be among the millions of people thinking of making an important change in your life.

"Thanks and farewell" emails

From time to time, I receive goodbye emails, and in fact a recent email similar to the one below prompted me to write this blog entry.

Hello all,

After nearly 5 and a half years working for XYZ, it has been decided that my role will no longer be required beyond 2nd December 2011.
....
Thanks for the good times and ...............

In this scenario, it is fine if you had acquired marketable and sought-after skills to move on with your career, and not fine if your skills and knowledge were not kept up to date. Even if you find your work boring or not challenging, there is no excuse for not motivating yourself to acquire sought-after skills as there are plethora of online tutorials/articles and good books to keep your knowledge up to date. But, in a longer term, it is always better to acquire the much needed hands-on commercial experience. The skills to watch out for include technical skills, soft skills, domain knowledge, and personal traits.

Work at XYZ until you get a gold watch?

There are no more jobs like that – companies are under too much pressure to be lean and flexible (layoffs, downsizing, reorganization), so workers have to be, too (take on new challenges, acquire new skills). People jump the ship for a number of reasons like life style changes, feeling bored, burnt or stressed out, feeling stagnated, and wanting to earn more money. People steady the ship for a number of reasons like already jumped the ship too often, not ready to take on new challenges due to personal reasons, bad economy, etc. About 30 years ago, when my parents were in their working years, the prevailing notion was that an employer would "take care of you" for a long time with a secure job and a decent pension. But that's gone the way of the typewriter and carbon paper. Today, it's not uncommon to change jobs voluntarily every few years. Changing jobs (obviously, not too often) will

enhance your experience and broaden your knowledge and skills. To be successful, you need to have well rounded skills in technology and 16 key areas discussed.The longer you stay at one company, the less motivated you become to learn new technology/framework/tool, etc.

help you build up a wider network

make you progress in your career a lot quicker.

give you the confidence to find a job whenever you need to. Now a days, there is no real job security in being with a company for 10+ years unless you are going places within the organization and see yourself a good future there. The real security comes from keeping your skills and knowledge up to date. Being complacent can come back and bite you.

increase your earning potential. If you are lucky enough to get a promotion with your current company, they will only give you a small increase in salary, just enough to justify the promotion and keep you. If you however require a decent promotion and increased package, changing jobs and employer is the way to go.

You don't have to put up with things like "this is how we have always did it" syndrome. Getting different perspectives on development processes, agile practices, architectures, etc will give you an opportunity to understand not only what works and what doesn't, but also when it does work without getting into the hype. Some businesses are not set up to embrace the latest and greatest. They are more business focused than technology focused. So, it real pays to work in different sectors like telecom, finance, insurance, software house, etc to "think outside the box" to see how the similar problems are solved differently in different sectors or organizations.

By expanding your horizons, you become a better coder and problem solver.

In fact, stability is a big goal for new workers today because the old path of staying at the same job for stability does not necessarily work for everyone. Note: Some do progress well within the same organization. Here are a few tell tale signs to jump the ship when the time is right.

Your skills are not respected. If you feel that your employer doesn’t recognize your value to the company, then it may be time for a change. When you hand in your resignation, you are asked questions like -- what can I do to keep you here?

You’re stuck in the same position, doing the same things, for nearly the same pay, for a long time, it’s time to shake things up. Be realistic of the situation, rather than deluding yourselves into believing that things will miraculously improve or what your boss tell you to convince you to stay back.

Constantly looking at your watch and being unhappy at work.

Balance is the key

You need a balance between "changing ships too often" and "not changing ships at all". Some employers in selected industry segments will wonder "what's wrong" with an individual who has not changed jobs in X years, and on the other hand, there are still many employers who will look on frequent changes unfavorably. The obvious implications for them are, that you won't stay long enough to make any significant contributions, and that if you were hired, perhaps your tendency to leave quickly will inspire many otherwise loyal employees to leave as well.

How do you go about steadying the ship?

So, if you jump the ship too often, it is imperative that you find a way to communicate your frequent changes in the past as a positive, not a negative in your resume and at job interviews. For example,

Change in career direction.

Emphasizing that one of your primary objectives in this job change is to find an employer that will provide challenges and growth opportunities over the years.

Emphasizing that stability and permanence are at the top of your list of priorities, and that the targeted company appears to be one .

Providing references to your past employers who will vouch positively for your capabilities. This is why it is vital to always move on in good terms. Never burn bridges. Networking is a key aspect in your career progression.

Focusing more on your past accomplishments in your resume and at job interviews.

Conclusion

You are the captain of your ship, and best placed to solve your dilemma based on your current circumstance and career aspirations. It is not an easy decision to make. What ever your decision is, don't base it on monetary value alone. Use a multi-attribute decision model like the one discussed in blog entry -- How to choose from multiple job offers? to cover all angles.

"Love your job but don't love your company, because you may not know when your company stops loving you."

Q21. How do you read properties file in spring?A21. PropertyPlaceholderConfigurer allows you to share a properties files. You can simply share one properties file for all of your build info or you can separate things out, and have multiple properties files in your build script.

Managing properties for an enterprise application can be a bit trickier than one might expect. The following link covers some basics around working with properties files.

STEP 2: Make some changes to the wiring. The beans4.xml uses the PropertiesFactoryBean and pass it to the PropertyPlaceholderConfigurer. Also, notice that the myappProperties is injected into orderNotification via setter injection.

Java Interview Questions and Answers: working with proprties files

Managing properties for an enterprise application can be a bit trickier than one might expect.

Q: How would you go about managing properties files in your application?A: One great advantage of property files is that they let you change your application's configuration without recompilation. However, you most likely need to restart your application for the new configuration to take effect. However, you most likely need to restart your application for the new configuration to take effect. There are different types of properies files like

1. Environment independent files archived within a war or ear. These can be loaded via the classpath.

classpath:test/myapp.properties

2. Environment independent files stored outside a war or ear. These need to be loaded via a file loader. Define a JVM argument or system property for the path of the file.

file:${PROPERTIES_HOME}/test/myapp.properties

3. Environment specific files stored outside a war or ear. These need to be loaded via a file loader. Define a JVM argument or system property for the path of the file.

file:${PROPERTIES_HOME}/test/myapp_${my_env}.properties

It is a best practice to store environment specific (e.g. test, dev, uat, staging, prod, etc) files outside the war or ear archives as the same archive can be deployed to any environment without having to package environment specific archives.

4. Properties file with sensitive information. Store the property values encrypted (Triple DES) or encoded (base64) with a salt. A salt is a secret that can be stored in a database or a separate file with proper access control.

5. Dynamic information in properties file or loading a property file at runtime. For example, in your .properties file you can use

You can also dynamically load .properties file with the load and store methods in java.util.Properties. It is recommended to use an existing configuration library like Apache Commons Configuration to load properties file at runtime without having to bring the server or application down. The commons config does support variable interpolation.

application.title = ${application.name} ${application.version}

Finally you can use JMX (Java Management eXtension) to write your own managed bean to change proprty values at runtime. A typical real life example would be to change log4j.xml debug levels. Appropriate log levels are very handy in diagnosing problems in production, but log levels like trace or debug can adversely impact performance. Hence, it is very useful to be able to set log levels at runtime.

Here is a sample .properties file that can be used with Apache's commons configuration.

Spring has the ability to load properties files as part of the application configuration, for use internally. The properties can be referenced within spring configuration files using ant-style placeholders, e.g. ${app.var}. Here is the link to step by step tutorial.

Q5. Can you describe the bean life cycle?A5. A Spring Bean represents a POJO (Plain Old Java Object) performing useful operation(s). All Spring Beans reside within a Spring IOC Container. The Spring Framework hides most of the complex infrastructure and the communication that happens between the Spring Container and the Spring Beans. The state-chart diagram below highlights these communications.

Q6. What is a BeanFactory? A6. The BeanFactory is the actual container which instantiates, configures, and manages a number of beans. These beans typically collaborate with one another, and thus have dependencies between themselves.

Q. How would you go about wiring up the spring managed bean dependencies?A. In general, the dependencies are wired via the Spring config file. For example, the MyBeanService depends on MyBeanDao, and MyBean depends on MyBeanService, etc via either constructor or setter injection.

Here is the big picture of the collaborating classes and interfaces.

Here are the libraries ( highlighted in blue rectangle) that needs to be in the classpath.The commons-logging is used by the spring-beans-xx.jar.

STEP 1: Firstly define the relevant interfaces. Coding to interfaces is a good design parctice that loosely couples your classes.

As you can see, the MyBeanDao is injected via the setter injection into MyBeanService, and the MyBeanService is injected into MyBean via the constructor injection.

Q. How do you bootstrap the initial bean?A.

STEP 3: The TestSpring class is the client class that makes use of the MyBean. In order to access the initial entry point into your application, which in this case is "MyBean", it needs to be bootstrapped via a BeanFactory implementation class. It can be done a number of ways as demonstrated below.

When MyBean bean = (MyBean)factory.getBean("myBean"); is executed, the dependent beans are created and wired up by the IOC container. You can further extend this by providing the necessary hooks to further enhance your understanding.

Q7. What would you do if it’s not practical (or impossible) to wire up your entire application into the Spring framework, but you still need a Spring loaded bean in order to perform a task?

A7. For example,

an auto generated web service client class! But you do want to use the dependency injection feature of Spring to get some of the other beans injected in to this class.

A legacy code that needs to make use of a Spring bean.

The ApplicationContextAware interface provided by Spring allows you to wire some java classes which are unable (or you don’t want it) to be wired to the Spring application context.

STEP 1: The ApplicationContextAware interface makes sense when an object requires access to a set of collaborating beans.

Q8. How would you create an application context from a web application?A8. As opposed to the BeanFactory, which will often be created programmatically, ApplicationContexts can be created declaratively using a ContextLoader. You can register an ApplicationContext using the ContextLoaderListener as shown below in the web.xml file. The Spring context listener provides more flexibility in terms of how an application is wired together. It uses the application's Spring configuration to determine what object to instantiate and loads the objects into the application context used by the servlet container.

By default, it looks for a file named applicationContext.xml file in WEB-INF folder. But, you can configure the org.springframework.web.context.ContextLoaderListener class to use a context parameter called contextConfigLocation to determine the location of the Spring configuration file. The context parameter is configured using the context-parameter element. The context-param element has two children that specify parameters and their values. The param-name element specifies the parameter's name. The param-value element specifies the parameter's value.

Note: There will be only one ServletContext for each web application. ServletContext will be created while deploying the application. Once the ServletContext is created, it will be used by all the servlets and jsp files in the same application. ServletContext is also called as the application scope variables in the web application scenario. The ContextLoaderListener is in the spring-web-xxx.jar. It is quite handy to check the Spring API for org.springframework.web.context.support.XmlWebApplicationContext class that describes this.

For a WebApplicationContext that reads in a different bean definition format, you could define your own implementation, and define your implementation with the "contextClass" init parameter.

Nov 21, 2011

Java Interview Q&A on SSL and truststore vs keystore?

Q. What do you understand by the terms trusstores and keystores in Java?

A. You generally need a truststore that points to a file containing trusted certificates, no matter whether you are implementing the server or the client side. You may or may not need a keystore. The keystore points to a file containing private key. You need a keystore if

you are implementing the server side of the protocol, or

you are implementing the client side and you need to authenticate yourself to the server.

The keystore will be used for encrypting/signing some thing with your private key while the trust stores will be used mostly to authenticate remote servers. To create a trust store, follow the steps outlined below.

STEP 1:

The first step is to get hold of the certificates. You could export the certificates from Google chrome or Firefox. If you click the "view site" information in Google Chrome, it's possible to save to file any cert in the chain. In Firefox, you could try something like

Click on "I understand the Risks" and then on "Add exception". You will be getting a screen as shown below.

Click on "Get certificate" and then "View". On the 2nd tab, named "details" you will see an export button to export the certificate.

Save the file as shown above to be imported into your truststore as explained below.

STEP 2:

To create a working truststore, it needs to contain the certs to trust, as well as the certs in the parent chain. You can import certificates with the keytool that ships with Java.

Q. How do you go about resolving any SSL related installation issues?A. There are several SSL tools that are available that can help you determine SSL problems and get your servers running SSL properly.

OpenSSL is an open source implementation of the SSL protocol, and by far the most versatile SSL tool.

Q. What is a one-way SSL?A. One way SSL just means that the server does not validate the identity of the client. The client generates a random key, encrypts it so that only the server can decrypt it, and sends it to the server. The server and client now have a shared secret that can be used to encrypt and validate the communications in both directions.